Ransomware victim disclosure
← All victimsUnitedHealth Group (Optum/Change Healthcare)
listed as Change Healthcare - Optum - UnitedHealth · Claimed by ALPHV/BlackCat · listed 2 years ago
Status timeline
- ListedFeb 28, 2024
- Data leakeddate unknown
At a glance
- Group
- ALPHV/BlackCat
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Feb 28, 2024
About the victim
AI dossier — public-source company profileOptum is a major healthcare services and innovation company operating under UnitedHealth Group. Change Healthcare is a healthcare IT platform acquired by Optum. Together they serve 8 out of 10 U.S. health plans, 8 out of 10 U.S. hospitals, and 8 out of 10 Fortune 100 companies, providing payer, provider, employer, and government healthcare solutions including EHR, claims processing, prior authorization, pharmacy benefits, and data analytics.
- Industry
- Healthcare Technology & Health Insurance
Attack summary
Severity: critical — Change Healthcare/Optum is a critical infrastructure provider in U.S. healthcare serving the vast majority of hospitals, health plans, and providers. Confirmed exfiltration and publication of data from healthcare infrastructure at this scale involves massive PII exposure (patient records, claims), operational disruption to healthcare delivery systems, and regulated data.ALPHV/BlackCat claims to have compromised Change Healthcare and Optum systems. The group has disclosed that data has been published, though the specific scope and exfiltration claims are not detailed in the available leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Healthcare claims data
- Patient information
- Provider records
- Pharmacy benefit data
- Prior authorization records
- Employer health plan data
- Government health program data
Sources
- Victim sitechangehealthcare.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

